Hi Paul,

On 27/02/2019 15:48, Paul Wouters wrote:
> On Wed, 27 Feb 2019, Paul Wouters wrote:
> 
>>>  https://datatracker.ietf.org/doc/draft-brotman-rdbd/
>>
>> I've read the draft, and I have my usual complaints.

Thanks for taking a read!

> I scanned this document a bit too fast, with an eye on parent-child
> relationships and didn't fully realise this is about relating domains
> at different parts in the DNS hierarchy altogether.

And even more thanks for reading it twice! It is short,
luckily:-)

Great that you think it's uncrazy.

> 
> So now I do understand the format and use better. I'm not sure if the
> DNS is the best place for this information, but it is not the worst
> place either. So in that sense this proposal seems fine.

Yep. Actually in exchanges with John Levine on the dbound
list, (he was v. reasonably questioning the value of these
new signatures), I myself only copped on that this could
be of some use where the primary has DNSSEC but where the
secondary doesn't, which is maybe interesting.

Those mails are here [1] if someone's interested.

> I do still have a concern that this is using its own signature schemes
> embedded in the records instead of relying on DNSSEC. But I guess
> that's just the world we live in now.

Yep. After both domains have DNSSEC, then this could all be
simpler. Before they do, there may be value in the sigs though
see John's simplification suggestion at [1].

Cheers,
S.

[1] https://mailarchive.ietf.org/arch/msg/dbound/PON1ipCbK_ea67fbyvhUzSfj5og


> 
> Paul
> 
> _______________________________________________
> dbound mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dbound
> 


_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
